Extracted

• • Target

    AURORA STEALER.rar

  • Size

    10.9MB

  • MD5

    7077d053f377ac289bde8e57de60f4a5

  • SHA1

    779664f5ff55cd1035e58f2f5568e8a41a370288

  • SHA256

    282cd2c35141a47148dae9a17263d20edf209dca310112ebb11c47710091fdf7

  • SHA512

    9118b53f275784ad90a3a7bfc5cd578a51fb000bff5d9beab14a4c47b3e2ba8b7c005530c3871166172f6edf090c9763d811225bedeb2327c8034d2a67511a67

  • SSDEEP

    196608:JXoE/rNj9hezMG/8YV8XUEQNar9lG45v/MdB3Nb2e9mMIF0HjS:JBpheIGEzHEi/kNb2esF9

  Score

  10^/10

  aurorashurkexecutioninfostealerstealer

  • Aurora

    Aurora is a crypto wallet stealer written in Golang.

    stealeraurora

  • Shurk

    Shurk is an infostealer, written in C++ which appeared in 2021.

    infostealershurk

  • Shurk Stealer payload

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  behavioral1